6.3 Optional features and applicability tables formatting .................................................................. 13 6.3.1 Format of the table of optional features................................................................................................... 13
6.3.2 Format of the applicability table .............................................................................................................. 13
6.3.3 Status and Notations ............................................................................................................................... 14
6.4 Test environment description ...................................................................................................... 14
6.5 Test equipment............................................................................................................................ 15
6.6 Test execution ............................................................................................................................. 15 6.6.1 General Initial Conditions ........................................................................................................................ 15
6.12.1.2. PE MF ................................................................................................................................................. 19
6.12.1.3. PE PUKCodes .................................................................................................................................... 20
6.12.1.4. PE PINCodes ..................................................................................................................................... 21
6.12.1.5. PE USIM ............................................................................................................................................. 22
6.12.1.6. PE PINCodes (Local PIN) ................................................................................................................... 24
6.12.1.7. PE AKA Parameter ............................................................................................................................. 24
Securing the future of mobile services 4
Security, Identity, Mobility
6.12.1.8. PE SecurityDomain (MNO SD) ........................................................................................................... 25
6.12.1.9. PE Security Domain (SSD) ................................................................................................................. 26
6.12.1.10. PE Application ................................................................................................................................ 28
6.12.1.11. PE RFM .......................................................................................................................................... 29
6.12.1.12. PE End ........................................................................................................................................... 29
6.12.2 Customised PEs ..................................................................................................................................... 29
6.12.2.1. PE Security Domain............................................................................................................................ 29
6.12.2.2. PE Application .................................................................................................................................... 36
7. Profile Package General Structure ........................................................................ 40
7.1 Test requirements ....................................................................................................................... 40
7.2 Test cases / scenarios ................................................................................................................ 40
8. Profile Package Elements Definition ..................................................................... 41
8.1 Test requirements ....................................................................................................................... 41 8.1.1 Common types ........................................................................................................................................ 41
8.1.3 File system .............................................................................................................................................. 43
8.2.2.5. Check OTA HTTPs Personalisation ................................................................................................... 63
8.2.3 Check PE Application.............................................................................................................................. 64
8.2.3.1. Check Application PE (PE_Applet) and mandatory elements in ApplicationInstance ......................... 64
8.2.3.2. Check all elements in ApplicationLoadPackage – taking size into account. ....................................... 65
8.2.3.3. Check all elements in ApplicationInstance .......................................................................................... 66
8.2.3.4. Error when load a PE-Applet4 and bad library is provided. ................................................................ 67
CIN Card Image Number / Card Identification Number
DF Dedicated File
DGI Data Grouping Identifier
DO Data Object
EAP Extensible Authentication Protocol
EF Elementary File
eUICC embedded UICC
EUM eUICC Manufacturer
FCP File Control Parameters
FFS For Further Study
GBA Generic Bootstrapping Architecture
HCI Host Controller Interface
ICCID Integrated Circuit Card ID
ID Identifier
IIN Issuer Identification Number
Securing the future of mobile services 9
Security, Identity, Mobility
IMSI International Mobile Subscriber Identity
ISD-P Issuer Security Domain Profile
ISIM IP Multimedia Services Identity Module
IUT Implementation Under Test
LCSI Life Cycle Status Information
M2M Machine to Machine
MAC Message Authentication Code
MAC-A MAC used for authentication and key agreement
MBMS Multimedia Broadcast/Multicast Service
MNO Mobile Network Operator
MNO-SD Mobile Network Operator Security Domain (Root SD of a Profile)
NAA Network Access Application
NAC Network Access Control
OID Object Identifier
OS Operating System (of the eUICC)
OTA Over the Air
PE Profile Element
PIN Personal Identification Number
POL Policy Rules within the Profile
PUK PIN Unblocking Key
RAM Remote Application Management
RFM Remote File Management
RQ Requirement
SCP Secure Channel Protocol
SD Security Domain
SP Service Provider
SQN Sequence Number
SSD Supplementary Security Domain
SW Status Word
SWP Single Wire Protocol
T Test Tool
USIM Universal Subscriber Identity Module
5. Definitions
Default Profile A profile which can be used to connect to the network.
embedded UICC A UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions.
Policy Rules Defines the atomic action of a policy and the conditions under which it is executed.
Profile Combination of a file structure, data and applications on an eUICC.
Profile Creator External entity in charge of creating the Profile Package based on MNO
requirements, protecting the Profile Package from modification and/or
content access.
Securing the future of mobile services 10
Security, Identity, Mobility
Profile Element A Profile Element is a part of the Profile Package representing one or several
features of the Profile encoded using TLV structures based on ASN.1
description.
Profile Interpreter On card entity which interprets and translates the ASN profile data to objects
residing on the eUICC (files, SD-s, applications, keys, etc.).
Profile Manager On-card entity, which is able to load, install, activate and deactivate a profile
as per GSMA [GS RPT].
Profile Package A Personalised Profile using an interoperable description format transmitted
to an eUICC in order to load and install a Profile.
Provisioning The downloading and installation of a Profile into an eUICC.
Remote Provisioning Provisioning done by the subscription manager on an eUICC outside of his
premises, using a secure data link.
Securing the future of mobile services 11
Security, Identity, Mobility
6. Test environment
6.1 Table of optional features The supplier of the implementation shall state the support of possible options in table 1.
Table 1: Options
Item Option Status Support Mnemonic
1 Support of USIM O O_USIM
2 Support of ISIM O O_ISIM
3 Support of CSIM O O_CSIM
4 Support of milenage O O_MILENAGE
5 Support of TUAK O O_TUAK
6 Support of CAVE O O_CAVE
7 Support of GBA-USIM O O_GBA_USIM
8 Support of GBA-ISIM O O_GBA_ISIM
9 Support of MBMS O O_MBMS
10 Support of EAP O O_EAP
11 Support Contactless O O_CONTACTLESS
12 Support of Java Card O O_JAVACARD
13 Support of Multos O O_MULTOS
14 Support of ETSI TS 102 613 and TS 102 622 Card-emulation Mode
O O_CARDEMULATION
15 Support of ETSI TS 102 613 and TS 102 622 Reader Mode
O O_READER_MODE
16 Support of GlobalPlatform UICC Configuration O O_UICC_CONFIGURATION
17
Support of File System creation by Generic File Management PE Note: this option for PE-MF is not clearly stated in version 1 of the core specification
O
O_FILE_SYSTEM_BY_FILE_MANAGER
18 Support of File System creation by template O O_FILE_SYSTEM_BY_TEM
PLATE
19
For ApplicationLoadPackage, the following parameters are supported: nonVolatileCodeLimitC6 volatileDataLimitC7 nonVolatileDataLimitC8
O
O_MEMORY_LIMIT
20 For ApplicationLoadPackage hashValueis supported
O O_HASHVALUE
21 The eUICC reports error when profile with PE-USIM before PE-MF is loaded
O O_ERROR_FOR_PE_USIM_BEFORE PE_MF
22 The eUICC reports error when profile with PE-Application before PE-SecurityDomain is loaded
O O_ERROR_FOR_PE_APPLICATION_BEFORE PE_SECURITYDOMAIN
23 The eUICC reports error when profile with PE-RFM before PE-SecurityDomain is loaded
O O_ERROR_FOR_PE_RFM_BEFORE PE_SECURITYDOMAIN
24 The eUICC is able to correctly load profiles with PE-USIM before PE-MF
O O_SUPPORT_PE_USIM_BEFORE PE_MF
25 The eUICC is able to correctly load profiles with PE-Application before PE-SecurityDomain
O O_SUPPORT_PE_APPLICATION_BEFORE PE_SECURITYDOMAIN
26 The eUICC is able to correctly load profiles with PE-RFM before PE-SecurityDomain
O O_SUPPORT_PE_RFM_BEFORE PE_SECURITYDOMAIN
Securing the future of mobile services 12
Security, Identity, Mobility
The following dependencies exist between the options:
At least one of the NAA options O_USIM and O_CSIM shall be supported.
If O_USIM is supported, then the algorithm option O_MILENAGE shall be supported.
When O_GBA_USIM is supported also O_USIM shall be supported.
When O_GBA_ISIM is supported also O_ISIM shall be supported.
At least one of the runtime environments O_JAVACARD and O_MULTOS shall be supported.
6.2 Applicability table Table 2 a) specifies the applicability of each test case to the IUT.
Table 2 a): Applicability of tests
Test case Description Major Version
Major version 1
Support
Profile Package General Structure tests
FFS
Profile Package Elements Definition tests
Check Profile Format
8.2.1.1 Installing PE-USIM when eUICC supports USIM (File system
created by generic file manager) 2 N/A
8.2.1.2 Installing PE-USIM when eUICC supports USIM (File system
created by template) 1 C002
8.2.1.3 Installing PE-USIM when eUICC does not support USIM 1 C003
8.2.1.4 Installing profile without ProfileHeader PE 1 C002
8.2.1.5 Installing profile with PE-USIM before PE-MF, eUICC reports error 1 C006
8.2.1.6 Installing profile with PE-Application before PE-SecurityDomain,
eUICC reports error 1 C007
8.2.1.7 Installing profile with PE-RFM before PE-SecurityDomain, eUICC
reports error 1 C008
Check PE Security Domain
8.2.2.1 Check mandatory elements in PE Security Domain 1 C002
8.2.2.2 Check key list in PE Security Domain 1 C002
8.2.2.3 Check number of keyComponent objects 1 C002
8.2.2.4 Check sdPersoData 1 C002
8.2.2.5 Check OTA HTTPs Personalisation 1 C002
Check PE Application
8.2.3.1 Check Application PE (PE_Applet1) and mandatory elements in
ApplicationInstance 1 C002
8.2.3.2 Check all elements in ApplicationLoadPackage – taking size into
account
1 C002
8.2.3.3 Check all elements in ApplicationInstance 1 C002
8.2.3.4 Error when load a PE-Applet4 and bad library is provided. 1 C002
Table 2 b): Conditional items referenced by table 2 a)
Conditional item Condition
C001 IF (O_USIM SUPPORTED AND O_FILE_SYSTEM_BY_FILE_MANAGER SUPPORTED) THEN M ELSE N/A
C002 IF (O_USIM SUPPORTED AND O_FILE_SYSTEM_BY_TEMPLATE SUPPORTED) THEN M ELSE N/A
C003 IF O_USIM NOT SUPPORTED THEN M ELSE N/A
C004 IF O_MEMORY_LIMIT SUPPORTED THEN M ELSE N/A
C005 IF O_HASHVALUE SUPPORTED THEN M ELSE N/A
C006 IF O_ERROR_FOR_PE_USIM_BEFORE PE_MF THEN M ELSE N/A
C007 IF O_ERROR_FOR_PE_APPLICATION_BEFORE PE_SECURITYDOMAIN THEN M ELSE N/A
C008 IF O_ERROR_FOR_PE_RFM_BEFORE PE_SECURITYDOMAIN THEN M ELSE N/A
6.3 Optional features and applicability tables formatting
6.3.1 Format of the table of optional features
The columns in table 4.1 have the following meaning.
Column Meaning
Option: The optional feature supported or not by the implementation.
Status: See clause 7.3.3, ‘Status and Notations’.
Support: The support columns are to be filled in by the supplier of the implementation. The following common notations are used for the support column in table 1.
Y or y supported by the implementation;
N or n not supported by the implementation;
N/A, n/a or - no answer required (allowed only if the status is N/A, directly or after evaluation of a conditional status).
Mnemonic: The mnemonic column contains mnemonic identifiers for each item.
6.3.2 Format of the applicability table
The applicability of every test in table 2 a) is formally expressed by the use of Boolean expressions defined in
the following clause.
The columns in table 2 a) have the following meaning:
Column Meaning
Test case: The “Test case” column gives a reference to the test case number(s) detailed in the present document and required to validate the implementation of the corresponding item in the “Description” column.
Description: In the “Description” column a short non-exhaustive description of the requirement is found.
Major Version: The “Major Version” column gives the Technical Specification version applicable and onwards, for the item in the “Description” column.
Major Version X:
For the given Release, the corresponding “Major Version X” column lists the tests required for a UICC to be declared compliant with this Release.
Support: The “Support” column is blank in the proforma, and is to be completed by the manufacturer in respect of each particular requirement to indicate the choices that have been made in the implementation.
Securing the future of mobile services 14
Security, Identity, Mobility
6.3.3 Status and Notations
The “Rel-x UICC” columns show the status of the entries as follows:
The following notations are used for the status column:
M mandatory – the capability is required to be supported.
O optional – the capability may be supported or not.
N/A not applicable – in the given context, it is impossible to use the capability.
X prohibited (excluded) – there is a requirement not to use this capability in the given context.
O.i qualified optional – for mutually exclusive or selectable options from a set. “i” is an integer
which identifies an unique group of related optional items and the logic of their selection, which is
defined immediately following the table.
Ci conditional – the requirement on the capability (“M”, “O”, “X” or “N/A”) depends on the support
of other optional or conditional items. “i” is an integer identifying an unique conditional status
expression, which is defined immediately following the table. For nested conditional expressions, the
syntax “IF ... THEN (IF ... THEN ... ELSE...) ELSE ...” is to be used to avoid ambiguities.
6.4 Test environment description The general architecture for the test environment is:
Test Profile
Implementation Under
Test (IUT)
Test Procedureexchange
Profile Interpreter
Test Profile
Elements of the Test Suite
Scope of the Test Suite
Profile Manager
Test equipment / Server
eUICC
Default Profile
Test APDU
Figure 2: Test environment description
Securing the future of mobile services 15
Security, Identity, Mobility
6.5 Test equipment The test equipment shall meet the following requirements:
the result of I/O commands shall be presented at the application layer.
it shall be able to provide results of the tests.
it shall be able to accept all valid status codes returned.
it shall send all data specified in the test profile.
it may be able to send and receive commands remotely to/from the IUT, OR
it may provide a terminal simulation that is connected to the IUT during test procedure execution,
unless otherwise specified. With respect to the eUICC, the terminal simulation shall act according to
ETSI TS 102 221 [102 221], 3GPP TS 31.101 [UICC] (if this interface is present at the UICC) and
3GPP TS 31.102 [USIM], unless otherwise specified. The terminal simulation may provide the
possibility to monitor the eUICC on the ETSI TS 102 221 [102 221] interface if this interface is
accessible.
6.6 Test execution The order of the PE-s in the Test Profiles shall be kept as it is defined in the “Test Execution” subchapter of
each test case.
After each test case execution, the eUICC shall be put back to its initial state.
6.6.1 General Initial Conditions
The General Initial Conditions are a set of general prerequisites for the IUT prior to the execution of testing.
For each test procedure described in the present document, the following rules apply to the Initial Conditions:
Unless otherwise stated, the IUT shall be reset before each test procedure.
The ISD-P shall be installed and personalised.
6.7 Pass criterion A test shall be considered as successful, only if the test procedure was carried out successfully with the IUT
respecting all conformance requirements referenced in the test procedure.
NOTE: Within the test procedures, the RQs are referenced in the step where they are observable. In some
cases, this is different from the step where they occur with respect to the IUT.
6.8 Indications concerning support of features For the following features, if the file system is using the PE template, the eUICC shall support the given related
Pes (optional for the profiles):
When supporting the USIM feature, the following PEs are mandatory to support: PE-USIM, PE-CD,
PE-TELECOM, PE-OPT-USIM, PE-GSM-ACCESS, PE-PHONEBOOK, USIM Related Files and
Directories PEs.
When supporting the ISIM feature, the following PEs are mandatory to support: PE-ISIM, PE-CD, PE-
OPT-ISIM, ISIM Related Files and Directories PEs.
When supporting the CSIM feature, the following PEs are mandatory to support: PE-CSIM, PE-CD,
PE-OPT-CSIM, CSIM Related Files and Directories PEs.
Securing the future of mobile services 16
Security, Identity, Mobility
When supporting the milenage feature, support of the following PE is mandatory: PE-AKAParameters.
When supporting the tuak feature, support of the following PE is mandatory: PE-AKAParameters.
The following PEs are mandatorily supported by the eUICC, regardless of the supported feature: PE-
PINCodes, PE-PUKCodes, PE-SecurityDomain, PE-Application, PE-RFM, PE-End, file systems PEs (PE-MF,
PE-CD, PE-TELECOM), Generic File management PEs.
The eUICC is required to recognise PE-NonStandard in a profile, but the processing of the content is not
mandatory.
File management templates may also be expressed using the appropriate generic file management.
6.9 eUICC Initalisation Procedures This procedure shall be applied by the test tool only when the eUICC under test is in an unsoldered format.
When the eUICC under test is embedded in a device, the initialisation procedure is accomplished by the device.
To initialise the communication between T and the eUICC, these commands shall be executed:
Step Direction Description RQ
1 T → eUICC RESET
2 eUICC -> T ATR
3 T → eUICC [TERMINAL_PROFILE]
4 eUICC -> T Toolkit initialization
SW=’9000’
The value of the [TERMINAL_PROFILE] is the same as specified by [GS RPAT] in Annex E1.
NOTE: It is assumed that some proactive commands may be sent by the eUICC after sending the TERMINAL
PROFILE (i.e. SET UP EVENT LIST, POLL INTERVAL, PROVIDE LOCAL INFORMATION…). In this case, T
shall send the corresponding FETCH and TERMINAL RESPONSE (successfully performed) commands.
6.10 Profile loading Profile packages shall be loaded using the respective standard procedures supported by the eUICC (e.g.
The content of the Customised PEs is based on the content of the Basic Profile Package PEs and is modified
according to the testing needs.
6.12.2.1. PE Security Domain
6.12.2.1.1. PE SecurityDomain (MNO_SD1)
This PE provides only the mandatory objects a PE Security Domain has to contain.
Compared to the Basic Profile Package PE Security Domain definition defined in 6.12.1.8, all optional
definitions are removed.
PE_SecurityDomain_MNO_SD1
mnoSdValue ProfileElement ::= securityDomain :
{
sd-Header {
mandated NULL,
identification 3
},
instance {
applicationLoadPackageAID
‘A0000001515350’H,
A631A005 80008101 03A1284F 07A00000
01515350 4F08A000 00015153 50414F08
A0000001 51000000 820382FC 8083010F
C90100
Securing the future of mobile services 30
Security, Identity, Mobility
classAID ‘A000000151535041’H,
instanceAID ‘A000000151000000’H,
applicationPrivileges ‘82FC80’H,
-- Secured
lifeCycleState ‘0F’H,
-- no SCP defined
applicationSpecificParametersC9 ‘00’H,
}
}
6.12.2.1.2. PE SecurityDomain (MNO SD2)
Compared to the Basic Profile Package PE Security Domain definition defined in 6.12.1.8, the first key of the
keylist contains two key components definitions.
PE_ SecurityDomain_MNO_SD2
mnoSdValue ProfileElement ::= securityDomain :
{
sd-Header {
mandated NULL,
identification 40
},
instance {
applicationLoadPackageAID
‘A0000001515350’H,
classAID ‘A000000151535041’H,
instanceAID ‘A000000151000000’H,
applicationPrivileges ‘82FC80’H,
-- Secured
lifeCycleState ‘0F’H,
-- SCP80 supported acc. UICC Config.
applicationSpecificParametersC9
‘81028000’H,
-- other parameters may be necessary
applicationParameters {
-- TAR: B20100, MSL: 12
uiccToolkitApplicationSpecificParametersField
‘0100000100000002011203B2010000’H
}
},
keyList {
{
-- C-ENC + R-ENC
keyUsageQualifier ‘38’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- ENC key
keyIdentifier ‘01’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
scp80SeqCounter ‘00’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
},
{
-- DES mode implicitly known
A681EBA0 05800081 0128A13E 4F07A000
00015153 504F08A0 00000151 5350414F
08A00000 01510000 00820382 FC808301
0FC90481 028000EA 11800F01 00000100
00000201 1203B201 0000A281 A1304495
01389601 00820101 83010184 035689A3
04010030 2E301580 01808610 11223344
55667788 99101112 13141516 30158001
80861011 22334455 66778899 10111213
14151630 2D950134 96010082 01028301
01840356 89A30401 00301730 15800180
86101122 33445566 77889910 11121314
1516302A 9501C896 01008201 03830101
84035689 A3301730 15800180 86101122
33445566 77889910 11121314 1516
Securing the future of mobile services 31
Security, Identity, Mobility
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-MAC + R-MAC
keyUsageQualifier ‘34’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- MAC key
keyIdentifier ‘02’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
scp80SeqCounter ‘00’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-DEK + R-DEK
keyUsageQualifier ‘C8’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- data ENC key
keyIdentifier ‘03’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
}
}
}
6.12.2.1.3. PE SecurityDomain (MNO SD3)
Compared to the Basic Profile Package PE Security Domain definition defined in 6.12.1.8, the PE SD contains
the sdPerso Data definition.
PE_SecurityDomain_MNO_SD3
mnoSdValue ProfileElement ::= securityDomain :
{
sd-Header {
mandated NULL,
identification 40
},
instance {
applicationLoadPackageAID
‘A0000001515350’H,
classAID ‘A000000151535041’H,
A681EDA0 05800081 0128A13E 4F07A000
00015153 504F08A0 00000151 5350414F
08A00000 01510000 00820382 FC808301
0FC90481 028000EA 11800F01 00000100
00000201 1203B201 0000A281 87302D95
01389601 00820101 83010184 035689A3
04010030 17301580 01808610 11223344
55667788 99101112 13141516 302A9501
34960100 82010283 01018403 5689A330
Securing the future of mobile services 32
Security, Identity, Mobility
instanceAID ‘A000000151000000’H,
applicationPrivileges ‘82FC80’H,
-- Secured
lifeCycleState ‘0F’H,
-- SCP80 supported acc. UICC Config.
applicationSpecificParametersC9
‘81028000’H,
-- other parameters may be necessary
applicationParameters {
-- TAR: B20100, MSL: 12
uiccToolkitApplicationSpecificParametersField
‘0100000100000002011203B2010000’H
}
},
keyList {
{
-- C-ENC + R-ENC
keyUsageQualifier ‘38’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- ENC key
keyIdentifier ‘01’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
scp80SeqCounter ‘00’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-MAC + R-MAC
keyUsageQualifier ‘34’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- MAC key
keyIdentifier ‘02’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-DEK + R-DEK
keyUsageQualifier ‘C8’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- data ENC key
keyIdentifier ‘03’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
keyCompontents {
{
-- DES mode implicitly known
17301580 01808610 11223344 55667788
99101112 13141516 302A9501 C8960100
82010383 01018403 5689A330 17301580
01808610 11223344 55667788 99101112
13141516 A31A040B 00700842 06010203
04050604 0B007008 45060605 04030201
Securing the future of mobile services 33
Security, Identity, Mobility
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
}
},
-- IIN and CIN
sdPersoData {
‘0070084206010203040506’H,
‘0070084506060504030201’H
}
}
6.12.2.1.4. PE SecurityDomain (MNO SD4)
Compared to the Basic Profile Package PE Security Domain definition defined in 6.12.1.8, the instance
definition is extended by the processData definition containing HTTPs configuration data.
PE_SecurityDomain_MNO_SD4
mnoSdValue ProfileElement ::= securityDomain :
{
sd-Header {
mandated NULL,
identification 40
},
instance {
applicationLoadPackageAID
‘A0000001515350’H,
classAID ‘A000000151535041’H,
instanceAID ‘A000000151000000’H,
applicationPrivileges ‘82FC80’H,
-- Secured
lifeCycleState ‘0F’H,
-- SCP80 supported acc. UICC Config.
applicationSpecificParametersC9
‘8102800081028100’H,
-- other parameters may be necessary
applicationParameters {
-- TAR: B20100, MSL: 12
uiccToolkitApplicationSpecificParametersField
‘0100000100000002011203B2010000’H
},
-- HTTP Configuration according Amend.B
processData{
‘80E21000428581AB84243507020000030000023902057
8470947534D4165554943433C03021F413E05217F00000
1850A0650534B49443102400189778A096C6F63616C686
F7374’H,
‘80E290016C8B582F2F73652D69642F6569642F3030363
3363835363030303030303030303030303030303030303
030303737373B2F2F61612D69642F6169642F413030303
030303031382F343334443038303930413042304330303
03030308C102F67736D612F61646D696E6167656E74’H
}
},
keyList {
{
-- C-ENC + R-ENC
A68201D2 A0058000 810128A1 8201014F
07A00000 01515350 4F08A000 00015153
50414F08 A0000001 51000000 820382FC
8083010F C9088102 80008102 8100EA11
800F0100 00010000 00020112 03B20100
003081BC 044780E2 10004285 81AB8424
35070200 00030000 02390205 78470947
534D4165 55494343 3C03021F 413E0521
7F000001 850A0650 534B4944 31024001
89778A09 6C6F6361 6C686F73 74047180
E290016C 8B582F2F 73652D69 642F6569
642F3030 36333638 35363030 30303030
30303030 30303030 30303030 30303037
37373B2F 2F61612D 69642F61 69642F41
30303030 30303031 382F3433 34443038
30393041 30423043 30303030 30308C10
2F67736D 612F6164 6D696E61 67656E74
A281C330 2D950138 96010082 01018301
01840356 89A30401 00301730 15800180
86101122 33445566 77889910 11121314
1516302A 95013496 01008201 02830101
84035689 A3301730 15800180 86101122
33445566 77889910 11121314 1516302A
9501C896 01008201 03830101 84035689
A3301730 15800180 86101122 33445566
77889910 11121314 1516303A 95013C96
01008201 01830140 8403E42D 8A302730
25800185 8620F0C0 FAAC0EF1 364A3E5E
B4229CF7 97A3752C D0C82778 44576B3E
05D505A0 3F21A682 0191
Securing the future of mobile services 34
Security, Identity, Mobility
keyUsageQualifier ‘38’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- ENC key
keyIdentifier ‘01’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
scp80SeqCounter ‘00’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-MAC + R-MAC
keyUsageQualifier ‘34’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- MAC key
keyIdentifier ‘02’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- C-DEK + R-DEK
keyUsageQualifier ‘C8’H,
-- may be used by SD and application
keyAccess ‘00’H,
-- data ENC key
keyIdentifier ‘03’H,
keyVersionNumber ‘01’H,
keyCheckValue ‘5689A3’H,
keyCompontents {
{
-- DES mode implicitly known
keyType ‘80’H,
keyData
‘11223344556677889910111213141516’H
}
}
},
{
-- PSK
keyUsageQualifier '3C'H,
-- may be used by SD and application
keyAccess '00'H,
keyIdentifier '01'H,
keyVersionNumber '40'H,
keyCheckValue 'E42D8A'H,
keyCompontents {
{
Securing the future of mobile services 35
Security, Identity, Mobility
-- PSK
keyType '85'H,
keyData
'F0C0FAAC0EF1364A3E5EB4229CF797A3752CD0C827784
4576B3E05D505A03F21'H
}
}
}
}
}
Securing the future of mobile services 36
Security, Identity, Mobility
6.12.2.2. PE Application
6.12.2.2.1. void
6.12.2.2.2. PE Application 2
PE_APPLICATION_2
appletValue ProfileElement ::= application : {
app-Header {
mandated NULL,
identification 21
},
loadBlock {
loadPackageAID ‘A000000559101001’H,
securityDomainAID ‘A000000151000000’H
nonVolatileCodeLimitC6 ‘0000’H
volatileDataLimitC7 ‘FFFF’H
nonVolatileDataLimitC8 ‘0000’H
-- Java file for the applet1 in [GS RPAT
Annex A1]
loadBlockObject
‘01002EDECAFFED020204000108A0000005591010011B6
36F6D2F67736D612F65756963632F746573742F6170706
C657431020021002E0021000F003B002A00210066000A0
00E0000008A040F00000000000004010004003B0403010
7A0000000620101000110A0000000090005FFFFFFFF891
2000000010110A0000000871005FFFFFFFF89132000000
00107A000000062000103000F010BA0000005591010011
122330008060021000044800300FF00050400000033FFF
F003000408107008200008002008108010807006600011
0188C00007A04328F00013D8C00022E181D25290416046
1081B8B0003700C1B181D044116048B00041B8C00057A0
0207A02301E046B071967041877017702211D750016000
1000200098D00062D1A048E0200071770027A02108D000
8058E020009007A08000A0000000000000000000005002
A000A06800300010002000600000103800301038003020
600005A06810F0001810400068110000181090009000E0
000000A0506040E0C0420070905’H
},
instanceList {
{
applicationLoadPackageAID
‘A000000559101001’H,
classAID ‘A000000559101002112233’H,
instanceAID ‘A00000055910100211223301’H,
applicationPrivileges ‘000000’H,
lifeCycleState ‘07’H,
applicationSpecificParametersC9 ‘00’H,
applicationParameters {
uiccToolkitApplicationSpecificParametersField
‘0100000000000311223300’H
}
}
}
}
A88201EF A0058000 810115A1 8201A14F
08A00000 05591010 014F08A0 00000151
000000C6 020000C7 02FFFFC8 020000C4
82017D01 002EDECA FFED0202 04000108
A0000005 59101001 1B636F6D 2F67736D
612F6575 6963632F 74657374 2F617070
6C657431 02002100 2E002100 0F003B00
2A002100 66000A00 0E000000 8A040F00
00000000 00040100 04003B04 030107A0
00000062 01010001 10A00000 00090005
FFFFFFFF 89120000 00010110 A0000000
871005FF FFFFFF89 13200000 000107A0
00000062 00010300 0F010BA0 00000559
10100111 22330008 06002100 00448003
00FF0005 04000000 33FFFF00 30004081
07008200 00800200 81080108 07006600
0110188C 00007A04 328F0001 3D8C0002
2E181D25 29041604 61081B8B 0003700C
1B181D04 4116048B 00041B8C 00057A00
207A0230 1E046B07 19670418 77017702
211D7500 16000100 0200098D 00062D1A
048E0200 07177002 7A02108D 0008058E
02000900 7A08000A 00000000 00000000
00000500 2A000A06 80030001 00020006
00000103 80030103 80030206 00005A06
810F0001 81040006 81100001 81090009
000E0000 000A0506 040E0C04 20070905
A241303F 4F08A000 00055910 10014F0B
A0000005 59101002 1122334F 0CA00000
05591010 02112233 01820300 00008301
07C90100 EA0D800B 01000000 00000311
223300
Securing the future of mobile services 37
Security, Identity, Mobility
6.12.2.2.3. PE Application 3
PE_APPLICATION_3
appletValue ProfileElement ::= application : {
app-Header {
mandated NULL,
identification 22
},
loadBlock {
loadPackageAID ‘A000000559101001’H,
-- Java file for the applet1 in [GS RPAT
Annex A1]
loadBlockObject
‘01002EDECAFFED020204000108A0000005591010011B6
36F6D2F67736D612F65756963632F746573742F6170706
C657431020021002E0021000F003B002A00210066000A0
00E0000008A040F00000000000004010004003B0403010
7A0000000620101000110A0000000090005FFFFFFFF891
2000000010110A0000000871005FFFFFFFF89132000000
00107A000000062000103000F010BA0000005591010011
122330008060021000044800300FF00050400000033FFF
F003000408107008200008002008108010807006600011
0188C00007A04328F00013D8C00022E181D25290416046
1081B8B0003700C1B181D044116048B00041B8C00057A0
0207A02301E046B071967041877017702211D750016000
1000200098D00062D1A048E0200071770027A02108D000
8058E020009007A08000A0000000000000000000005002
A000A06800300010002000600000103800301038003020
600005A06810F0001810400068110000181090009000E0
000000A0506040E0C0420070905’H
},
instanceList {
{
applicationLoadPackageAID
‘A000000559101001’H,
classAID ‘A000000559101003112233’H,
instanceAID ‘A00000055910100113223301’H,
extraditeSecurityDomainAID
‘A000000151000000’H
applicationPrivileges ‘000000’H,
lifeCycleState ‘07’H,
applicationSpecificParametersC9 ‘00’H,
systemSpecificParameters {
volatileMemoryQuotaC7 ‘0000’H,
nonVolatileMemoryQuotaC8 ‘0000’H,
implicitSelectionParameter ‘CF0180’H,
volatileReservedMemory ‘D7020000’H,
nonVolatileReservedMemory ‘D8020000’H
},
applicationParameters {
uiccToolkitApplicationSpecificParametersField
‘0100000000000311223300’H,
uiccAccessParams ‘810400010000’H,
uiccAdministrativeAccessApplicationSpecificPar
ametersField ‘820400010000’H
}
}
}
}
A882020E A0058000 810116A1 82018B4F
08A00000 05591010 01C48201 7D01002E
DECAFFED 02020400 0108A000 00055910
10011B63 6F6D2F67 736D612F 65756963
632F7465 73742F61 70706C65 74310200
21002E00 21000F00 3B002A00 21006600
0A000E00 00008A04 0F000000 00000004
01000400 3B040301 07A00000 00620101
000110A0 00000009 0005FFFF FFFF8912
00000001 0110A000 00008710 05FFFFFF
FF891320 00000001 07A00000 00620001
03000F01 0BA00000 05591010 01112233
00080600 21000044 800300FF 00050400
000033FF FF003000 40810700 82000080
02008108 01080700 66000110 188C0000
7A04328F 00013D8C 00022E18 1D252904
16046108 1B8B0003 700C1B18 1D044116
048B0004 1B8C0005 7A00207A 02301E04
6B071967 04187701 7702211D 75001600
01000200 098D0006 2D1A048E 02000717
70027A02 108D0008 058E0200 09007A08
000A0000 00000000 00000000 05002A00
0A068003 00010002 00060000 01038003
01038003 02060000 5A06810F 00018104
00068110 00018109 0009000E 0000000A
0506040E 0C042007 0905A276 30744F08
A0000005 59101001 4F0BA000 00055910
10031122 334F0CA0 00000559 10100113
2233014F 08A00000 01510000 00820300
00008301 07C90100 EF19C702 0000C802
0000CF03 CF0180D7 04D70200 00D804D8
020000EA 1D800B01 00000000 00031122
33008106 81040001 00008206 82040001
0000
Securing the future of mobile services 38
Security, Identity, Mobility
6.12.2.2.4. PE Application 4
PE_APPLICATION_4
appletValue ProfileElement ::= application : {
app-Header {
mandated NULL,
identification 23
},
loadBlock {
loadPackageAID ‘A000000559101002’H,
-- Java file based on the applet1 in [GS
RPAT Annex A1 with AID modified]
loadBlockObject
‘01002EDECAFFED020204000108A0000005591010011B6
36F6D2F67736D612F65756963632F746573742F6170706
C657431020021002E0021000F003B002A00210066000A0
00E0000008A040F00000000000004010004003B0403010
7A0100000620101000110A0000000090005FFFFFFFF891
2000000010110A0000000871005FFFFFFFF89132000000
00107A000000062000103000F010BA0000005591010011
122330008060021000044800300FF00050400000033FFF
F003000408107008200008002008108010807006600011
0188C00007A04328F00013D8C00022E181D25290416046
1081B8B0003700C1B181D044116048B00041B8C00057A0
0207A02301E046B071967041877017702211D750016000
1000200098D00062D1A048E0200071770027A02108D000
8058E020009007A08000A0000000000000000000005002
A000A06800300010002000600000103800301038003020
600005A06810F0001810400068110000181090009000E0
000000A0506040E0C0420070905’H
}
}
A8820196 A0058000 810117A1 82018B4F
08A00000 05591010 01C48201 7D01002E
DECAFFED 02020400 0108A000 00055910
10011B63 6F6D2F67 736D612F 65756963
632F7465 73742F61 70706C65 74310200
21002E00 21000F00 3B002A00 21006600
0A000E00 00008A04 0F000000 00000004
01000400 3B040301 07A01000 00620101
000110A0 00000009 0005FFFF FFFF8912
00000001 0110A000 00008710 05FFFFFF
FF891320 00000001 07A00000 00620001
03000F01 0BA00000 05591010 01112233
00080600 21000044 800300FF 00050400
000033FF FF003000 40810700 82000080
02008108 01080700 66000110 188C0000
7A04328F 00013D8C 00022E18 1D252904
16046108 1B8B0003 700C1B18 1D044116
048B0004 1B8C0005 7A00207A 02301E04
6B071967 04187701 7702211D 75001600
01000200 098D0006 2D1A048E 02000717
70027A02 108D0008 058E0200 09007A08
000A0000 00000000 00000000 05002A00
0A068003 00010002 00060000 01038003
01038003 02060000 5A06810F 00018104
00068110 00018109 0009000E 0000000A
0506040E 0C042007 0905
Securing the future of mobile services 39
Security, Identity, Mobility
6.12.2.2.5. PE Application 5
PE_APPLICATION_5
appletValue ProfileElement ::= application : {
app-Header {
mandated NULL,
identification 24
},
loadBlock {
loadPackageAID ‘A000000559101001’H,
-- Java file for the applet1 in [GS RPAT
Annex A1]
loadBlockObject
‘01002EDECAFFED020204000108A0000005591010011B6
36F6D2F67736D612F65756963632F746573742F6170706
C657431020021002E0021000F003B002A00210066000A0
00E0000008A040F00000000000004010004003B0403010
7A0000000620101000110A0000000090005FFFFFFFF891
2000000010110A0000000871005FFFFFFFF89132000000
00107A000000062000103000F010BA0000005591010011
122330008060021000044800300FF00050400000033FFF
F003000408107008200008002008108010807006600011
0188C00007A04328F00013D8C00022E181D25290416046
1081B8B0003700C1B181D044116048B00041B8C00057A0
0207A02301E046B071967041877017702211D750016000
1000200098D00062D1A048E0200071770027A02108D000
8058E020009007A08000A0000000000000000000005002
A000A06800300010002000600000103800301038003020
600005A06810F0001810400068110000181090009000E0
000000A0506040E0C0420070905’H
},
instanceList {
{
applicationLoadPackageAID
‘A000000559101001’H,
classAID ‘A000000559101005445566’H,
instanceAID ‘A00000055910100544556601’H,
applicationPrivileges ‘000000’H,
lifeCycleState ‘07’H,
applicationSpecificParametersC9 ‘00’H
}
-- Second Instance
{
applicationLoadPackageAID
‘A000000559101001’H,
classAID ‘ A000000559101005445566’H,
instanceAID ‘A00000055910100511223302’H,
applicationPrivileges ‘000000’H,
lifeCycleState ‘07’H,
applicationSpecificParametersC9 ‘00’H
}
}
}
A88201FC A0058000 810118A1 82018B4F
08A00000 05591010 01C48201 7D01002E
DECAFFED 02020400 0108A000 00055910
10011B63 6F6D2F67 736D612F 65756963
632F7465 73742F61 70706C65 74310200
21002E00 21000F00 3B002A00 21006600
0A000E00 00008A04 0F000000 00000004
01000400 3B040301 07A00000 00620101
000110A0 00000009 0005FFFF FFFF8912
00000001 0110A000 00008710 05FFFFFF
FF891320 00000001 07A00000 00620001
03000F01 0BA00000 05591010 01112233
00080600 21000044 800300FF 00050400
000033FF FF003000 40810700 82000080
02008108 01080700 66000110 188C0000
7A04328F 00013D8C 00022E18 1D252904
16046108 1B8B0003 700C1B18 1D044116
048B0004 1B8C0005 7A00207A 02301E04
6B071967 04187701 7702211D 75001600
01000200 098D0006 2D1A048E 02000717
70027A02 108D0008 058E0200 09007A08
000A0000 00000000 00000000 05002A00
0A068003 00010002 00060000 01038003
01038003 02060000 5A06810F 00018104
00068110 00018109 0009000E 0000000A
0506040E 0C042007 0905A264 30304F08
A0000005 59101001 4F0BA000 00055910
10054455 664F0CA0 00000559 10100544
55660182 03000000 830107C9 01003030
4F08A000 00055910 10014F0B A0000005
59101005 4455664F 0CA00000 05591010
05112233 02820300 00008301 07C90100
Securing the future of mobile services 40
Security, Identity, Mobility
7. Profile Package General Structure
7.1 Test requirements The test requirements are extracted from sections 7.2 and 7.3 of “eUICC Profile Package: Interoperable
Format Technical Specification” [SA PP TS].
RQ7.1.1.1 Each PE is described and can be processed by the eUICC independently from the others.
RQ7.1.1.2 An identification number shall be associated to every PE.
RQ7.1.1.3 A PE starts with a header containing the following information:
PE identification number.
Optional flag indicating that the support of this PE is mandatory.
PE type.
PE length.
RQ7.1.1.4 If a feature in a PE flagged as mandatory is not supported by the eUICC:
an error is reported to the Profile Creator.
the processing of the Profile Package is cancelled.
and all of the PE already processed shall be discarded.
RQ7.1.1.5 If a PE is not flagged as mandatory, and if the eUICC does not support the associated feature, the error is reported but the processing of the Profile Package continues.
RQ7.1.1.6 In order to avoid errors and warnings during the processing of a Profile Package, the Profile Creator may audit the targeted eUICC before building a Profile Package. In that case, all the features described in the Profile Package will be entirely supported by the eUICC.
RQ7.1.1.7 The features that shall be supported by the Profile are also described in the Profile header. In case the eUICC does not support one of the features listed in this Profile header, the eUICC shall immediately return an error code and abort the processing of the Profile.
NOTE: RQ7.1.1.1, RQ7.1.1.2 and RQ7.1.1.3 are implicitely tested in test cases loading profiles NOTE 2: Testing of RQ7.1.1.4, RQ7.1.1.5, RQ7.1.1.6 and RQ7.1.1.7 is FFS.
7.2 Test cases / scenarios FFS.
Securing the future of mobile services 41
Security, Identity, Mobility
8. Profile Package Elements Definition
8.1 Test requirements
8.1.1 Common types
The test requirements are extracted from section 8.1 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 42
Security, Identity, Mobility
RQ8.1.1.1 The Profile Package shall respect the size constaints 0 to 255 for the basic integer type Uint8.
RQ8.1.1.2 The Profile Package shall respect the size constaints 0 to 32267 for the basic integer type Uint15.
RQ8.1.1.3 The Profile Package shall respect the size constaints 0 to 65535 for the basic integer type Uint16.
RQ8.1.1.4 The Profile Package shall respect the size constaints 0 to 2147483647 for the basic integer type Uint31.
RQ8.1.1.5 The Application Identifier (AID) shall be an OCTET STRING with the size of 5 to 16 bytes.
RQ8.1.1.6 The PE Header shall be present at the beginning of all PE-s described in this specification.
RQ8.1.1.7 The PE Header may consist of an optional “mandated” field. The type of the mandated field shall be NULL.
RQ8.1.1.8 If the mandated field is set the support of this PE is mandatory for the installation of this Profile. If the eUICC does not support the following PE, it shall abort the processing of the profile and return an error to the sender of the profile.
RQ8.1.1.9 The PE Header shall consist of an “identification” field. The type of the identification field shall be Uint15.
RQ8.1.1.10 The identification field is used to uniquely identify the PE within a profile. It will be used for error reporting to the sender of the profile.
RQ8.1.1.11 Void
RQ8.1.1.12 The ProfileHeader shall be the first element and provided once within a profile download only.
RQ8.1.1.13 After the ProfileHeader, the file system shall be created, staring with the MF. The MF may be created using the file manager or the PE template. See NOTE 2.
RQ8.1.1.14 The PE-CD is optional and shall come after the creation of the MF.
RQ8.1.1.15 The PE-TELEKOM is optional and shall come after the creation of the MF.
RQ8.1.1.16 The PE-USIM is optional and shall come after the creation of the MF.
RQ8.1.1.17 The PE-ISIM is optional and shall come after the creation of the MF.
RQ8.1.1.18 The PE-CSIM is optional and shall come after the creation of the MF.
RQ8.1.1.19 The PE-OPT-USIM is optional and shall come after the PE-USIM.
RQ8.1.1.20 The PE-GSM-ACCESS is optional and shall come after the PE-USIM.
RQ8.1.1.21 The PE-PHONENOOK is optional and shall come after the PE-USIM.
RQ8.1.1.22 The PE-OPT-ISIM is optional and shall come after the PE-ISIM.
RQ8.1.1.23 The PE-OPT-CSIM is optional and shall come after the PE-CSIM.
RQ8.1.1.24 void
RQ8.1.1.25 PE-PINCodes shall be created in the context where they shall be defined.
RQ8.1.1.26 Global PINs shall be created in the context of the creation of the UICC file system (MF).
RQ8.1.1.27 PE-PINCodes shall only be provided once within each DF (ADF).
RQ8.1.1.28 For milenage or Tuak, PE-AKAParameters shall be created once in the context of the respective NAA.
RQ8.1.1.29 PE-AKAParameters shall only be provided once per NAA.
RQ8.1.1.30 PE-AKAParameters is not allowed in the context of MF.
RQ8.1.1.31 PE-AKAParameters is not allowed in the context of SDs.
RQ8.1.1.32 PE-AKAParameters is not allowed in the context of applications.
RQ8.1.1.33 PE-PUKCodes shall only be provided once within the context of the UICC file system (MF).
RQ8.1.1.34 PE-PUKCodes shall include all PUK codes for the complete profile.
RQ8.1.1.35 PE-SecurityDomain is optional and shall be provided after the creation of the file system, NAA parameters and PIN/PUK configuration.
RQ8.1.1.36 PE-Application is optional and should be provided after the creation of the SDs.
RQ8.1.1.37 PE-RFM is optional. It shall be provided after the creation of the SDs the RFM parameters shall be assigned to.
RQ8.1.1.38 PE-NonStandard is optional and in general may be provided in any position after the profile header. Further restrictions depend on the respective application.
RQ8.1.1.39 PE-End shall be provided once at the end of the Profile Package.
NOTE: RQ8.1.1.10 and RQ8.1.1.38 are not testable. NOTE 2: RQ8.1.1.13 may not be testable according to version 1 of the core specification. It is testable if we consider the options are valid. NOTE 3: Requirements RQ8.1.1.1, RQ8.1.1.2, RQ8.1.1.3 and RQ8.1.1.5 are implicitly tested in test cases loading profiles. NOTE 4: RQ8.1.1.4 is not tested as basic integer type Uint31 is never used. NOTE 5: testing of RQ8.1.1.17, RQ8.1.1.18, RQ8.1.1.22 and RQ8.1.1.23 is FFS (ISIM and CSIM related) NOTE 6: testing of RQ8.1.1.30, RQ8.1.1.31 and RQ8.1.1.32 is FFS (not nominal tests) NOTE 7: RQ8.1.1.35 is implicitly tested every time a PE-SecurityDomain is used in test cases NOTE 8: Testing of RQ8.1.1.14, RQ8.1.1.15, RQ8.1.1.19, RQ8.1.1.20 and RQ8.1.1.21 is FFS.
Securing the future of mobile services 43
Security, Identity, Mobility
8.1.2 Profile header
The test requirements are extracted from section 8.2 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
RQ8.1.2.1 The ProfileHeader PE shall be used once and shall be the first PE of the Profile Package.
RQ8.1.2.2 The ServiceList type is used to indicate the services that shall be supported by the eUICC. The type of the fields in the ServiceList shall be NULL.
RQ8.1.2.3 The following list gives the features that the eUICC shall support in order to provide the associated service. When a service is present in the sequence, it indicates that this service is mandatory.
Service Feature provided by te eUICC
contactless support the SWP and HCI interfaces as well as the associated APIs.
usim the USIM application as defined by 3GPP [USIM].
isim the ISIM application as defined by 3GPP [ISIM].
csim the CSIM application as defined by 3GPP2 [CSIM].
milenage the milenage AKA authentication algorithm.
tuak the TUAK AKA authentication algorithm.
cave the CAVE authentication algorithm.
gba-usim support of GBA authentication context in the USIM application.
gba-isim support of GBA authentication context in the ISIM application.
mbms support of the MBMS authentication context in the USIM application.
eap support of the UICC EAP client.
javacard support of the Java Card TM runtime environment.
multos support of the Multos TM runtime environment.
RQ8.1.2.4 The ProfileHeader shall contain the “major-version”. The type of the major-version shall be Uint8.
RQ8.1.2.5 When receiving the ProfileHeader, the eUICC shall check the major-version. If the version indicated by the Profile is greater than the version supported by the eUICC, the eUICC shall return an error “unsupported-profile-version” and stop the processing of the Profile.
RQ8.1.2.6 The ProfileHeader shall contain the “minor-version”. The type of the minor-version shall be Uint8.
RQ8.1.2.7 The minor-version is only informative. It may indicate that the profile contains elements that the eUICC will not be able to process if it supports an older version of the specification. In that case, these elements shall be ignored by the eUICC unless they are marked as mandatory in the PE header.
RQ8.1.2.8 The ProfileHeader may contain the “profileType”. The type of the profileType shall be UTF8String. The “profileType” is a free optional text indicating for example, the name of the Profile issuer and the type of Profile.
RQ8.1.2.9 The ProfileHeader shall contain the “iccid”. The type of iccid shall be OCTET STRING (SIZE (10)).
RQ8.1.2.10 The ProfileHeader may contain the “pol”. The type of the pol shall be OCTET STRING. The pol contains the policy rules within a Profile.
RQ8.1.2.11 If pol is not supplied in the Profile Package, its value shall be set to all 0 in the eUICC.
RQ8.1.2.12 The ProfileHeader shall contain the “eUICC-Mandatory-services”. The type of the eUICC-Mandatory-services shall be ServiceList.
RQ8.1.2.13 The ProfileHeader shall contain the “eUICC-Mandatory-GFSTEList”.
RQ8.1.2.14 The “eUICC-Mandatory-GFSTEList” contains a list of OIDs identifying file system templates used in the Profile Package that shall be supported by the eUICC in order for the Profile to be correctly installed on the eUICC.
RQ8.1.2.15 This list may contain the OIDs associated to the file system template defined in “ANNEX A (Normative): File Structure Templates Definition” of this specification.
NOTE 1: RQ8.1.2.5 and RQ8.1.2.7 are FFS (only major version 1 up to now, and no minor). NOTE 2: RQ8.1.2.10 and RQ8.1.2.11 are not testable (there is no interoperable command to read the value). NOTE 3: RQ8.1.2.13 is implicitely tested everytime ProfileHeader is used.
8.1.3 File system
The test requirements are extracted from section 8.3 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 44
Security, Identity, Mobility
RQ8.1.3.1 Templates need to be created according to the specified settings considering the mandatory parameters
(where no default is provided in the template).
RQ8.1.3.2 Templates can be sent in any order considering the dependencies (e.g. some templates require that a NAA has already been created).
RQ8.1.3.3 Parameters which alter the default given in a template needs to result in the desired configuration; e.g. change of file size, access rule reference.
RQ8.1.3.4 In case a file within a template is specified as ‘do not create’ it must not be available within the created file system.
RQ8.1.3.5 It shall be possible to mix templates with Generic FileSystem Commands.
RQ8.1.3.6 It shall be possible to create a complete profile by Generic FileSystem Commands without use of any templates.
RQ8.1.3.7 Using a template marked as mandated but which is not supported by the eUICC shall lead to an error.
RQ8.1.3.8 The eUICC shall support any template it claims to support; e.g the profile header is passed which requires the need for specific templates creation of the template shall work provided it is correctly used.
RQ8.1.3.9 It shall be possible to create multiple instances of the following templates: - USIM - ISIM - CSIM - EAP-AKA
RQ8.1.3.10 Templates shall always be created within the current context. E.g. the optional USIM EFs template shall be created in the currently selected application.
RQ8.1.3.11 The eUICC shall be able to create multiple instances of a file from a template by following the process described in figure 2 of the core specification [reference to add].
RQ8.1.3.12 It shall not be possible to create two files with the same file path irrespective of whether templates or a generic file system is used.
RQ8.1.3.13 void
RQ8.1.3.14 The eUICC shall be able to handle the “template modification rules” described within the specification; e.g. turn a file into a link.
RQ8.1.3.15 File content provided within the profile package shall be applied to the created file.
RQ8.1.3.16 Within an optional template, files shall only be created if the respective TLV is explicitly included in the profile package.
RQ8.1.3.17 For mandatory file templates all files shall be created unless they are explicitly marked as “do not create”.
RQ8.1.3.18 For all files which are not fully defined in the template specification (open parameters like size) the respective parameters shall be included in the profile package.
RQ8.1.3.19 FCP of files which have been created may include proprietary information. These parameters shall be ignored when checking the settings of files which have been created.
RQ8.1.3.20 The access conditions which have been configured shall apply for the respective files; e.g.: Never shall always be Never and not readable even if other PINs are verified; in case PIN1 is specified for read it shall only be possible to read the file if PIN1 has been verified; … The eUICC shall apply all provided FCP parameters according to ETSI TS 102 221 [102 221].
RQ8.1.3.21 The eUICC shall support access rule conditions according to the UICC specification ETSI TS 102 221 [102 221]; also supporting AND/OR conditions like PIN1 || ADM1.
NOTE: RQ8.1.3.1 and RQ8.1.3.19 are out of scope of this specification. NOTE 2: Testing of RQ8.1.3.2, RQ8.1.3.3, RQ8.1.3.4, RQ8.1.3.5, RQ8.1.3.6, RQ8.1.3.7, RQ8.1.3.9 RQ8.1.3.10, RQ8.1.3.11, RQ8.1.3.12, RQ8.1.3.14, RQ8.1.3.16, RQ8.1.3.17, RQ8.1.3.18, RQ8.1.3.20 and RQ8.1.3.21 is FFS. NOTE 3: RQ8.1.3.8 and RQ8.1.3.15 are implicitely tested in all test cases.
8.1.4 NAA(s)
The test requirements are extracted from section 8.4 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 45
Security, Identity, Mobility
RQ8.1.4.1 The PE-AKAParameters shall be tested with the USIM and ISIM NAA.
RQ8.1.4.2 PE-AKAParameters shall be tested using both options: milenage and TUAK.
RQ8.1.4.3 For milenage PE-AKAParameters shall be tested with the following parameters: key: 16 byte length opc: 16 byte length RES Length Options: 32bits, 64bits, 128bits MAC-A, MAC-C Size: does not apply. To be set to 0 (64 bit) CK and IK size: 128 bits Rotation constants shall have a length of 5 bytes xoringConstants shall have a length of 80 Bytes. note: length of xoringConstants is incorrect within core specification and has been corrected here.
RQ8.1.4.4 For testing milenage the test vectors from 3GPP [MILENAGE] shall be used: PE-AKAParameters shall be initialised with the respective settings.
RQ8.1.4.5 For testing TUAK the test vectors from 3GPP [TUAK] shall be used: PE-AKAParameters shall be initialised with the respective settings.
RQ8.1.4.6 Using Authenticate within USIM NAA in 2G Compatibility mode shall only work if service 38 within the UST is enabled.
RQ8.1.4.7 Authenticate command shall only work if respective Application PIN for the NAA has been verified (e.g. PIN1).
RQ8.1.4.8 Sharing network credentials via the mapping function shall be tested between USIM NAAs, ISIM NAAs and USIM/ISIM. Same algorithm for both NAAs is to be anticipated. The following mapping permutations shall be tested:
- Algo milenage: Share Key, Opc, rotationConstants, xoringConstants algorithmOptions; All SQN parameters including SQN.
- Algo TUAK: Share Key, TOPc algorithmOptions, All SQN parameters excluding SQN. - Algo TUAK: Share Key, TOPc algorithmOptions, All SQN parameters including SQN.
Note; Not sharing algorithmOptions, Key, (T)Opc is not possible due to a limitation in the specification. This option is subject to an open CR.
RQ8.1.4.9 DEFAULT values shall be verified by the relevant test to ensure that they are set correctly.
RQ8.1.4.10 It shall be tested if the DEFAULT values can be overwritten by the profile package; it shall also be checked that the DEFAULT values can be provided as well.
RQ8.1.4.11 Values for rotationConstants and xoringConstants shall only be provided in case milenage is used.
RQ8.1.4.12 SQN handling shall be tested with the available options: - Authentication shall not work for blocked SQN when the wrap around option deactivated. - If incoming SQN is out of range (depends on delta and age limit) the eUICC shall indicate the
need for resynchronization – provided the authentication vector passes authentication. - Authentication shall work if SQN is within the desired range (considering Delta and Age limit).
Note: SQN wrap around is not specified within the core specification > CR due.
RQ8.1.4.13 Testing of authCounterMax is not possible because of unclear behaviour. Note: CR pending to remove this feature from PE-AKAParameters.
RQ8.1.4.14 The PE-AKAParameters shall be send once per NAA.
NOTE : Testing of all RQs in this sections is FFS (priority for phase 2).
8.1.5 PIN and PUK codes
The test requirements are extracted from section 8.5 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 46
Security, Identity, Mobility
RQ8.1.5.1 Global PINs created by the GlobalPIN PE shall be valid within the complete FileSystem.
RQ8.1.5.2 Local PINs shall only be valid within the context (DF and sub DFs) where they are defined.
RQ8.1.5.3 Remaining attempts / default counter shall be verified.
RQ8.1.5.4 Local PINs shared shall share remaining attempts in both contexts where they are valid.
RQ8.1.5.5 It shall be possible to create Global PINs in the context of the MF. E.g. after creation of the MF or also after selection of the MF using Generic File System.
RQ8.1.5.6 A PIN which is used but not defined shall be considered as a blocked PIN.
RQ8.1.5.7 It shall be possible to share one PUK for multiple PIN values.
RQ8.1.5.8 Blocked PINs cannot be verified via I/O but applets with the respective access rights may execute the authorised commands (update, read, create, delete, …)
RQ8.1.5.9 Within the FCP of the ADF and the MF the eUICC has to indicate the status of the PINs/PUKs as specified within the template (e.g. remaining attempts, PINs initialised, PINs available, PIN activated/deactivated) provided that the settings have not been altered after profile installation.
RQ8.1.5.10 The eUICC needs to support the PIN attributes specified: - PINs enabled: in this case the PIN shall be enabled. - PIN may be changed: PIN change allowed; otherwise not. - PIN can be disabled: Means that status of the PIN may not be altered.
- disabled PIN may not be enabled. - enabled PIN may not be disabled.
RQ8.1.5.11 It shall be possible to create all possible global PINs within the global PIN PE and respective PUK values.
RQ8.1.5.12 It shall be possible to create all second Application PINs within one or more DFs.
RQ8.1.5.13 Two local PINs which have been created separately in two DFs with the same second application PIN ID shall have separate status; own remaining attempts; own verified status; own enabled/disable status; also different attributes may be applied for the two PINs.
RQ8.1.5.14 PIN Values shall have a length of 8 Bytes. Unused Bytes are to be padded with FF..FF.
RQ8.1.5.15 It shall be possible to define any value for any PIN: Random Hex Values and also coded as string for user PINs (e.g. PIN 1234 > 31 32 33 34 FF FF FF FF).
RQ8.1.5.16 It shall be possible to assign a PUK value for any PIN.
RQ8.1.5.17 maxNumOfAttemps-retryNumLeft: It shall be possible to assign any value from 0…F for maxNumberOfAttempts and retryNumLeft independent from each other.
RQ8.1.5.18 It shall be possible to create any PIN in enabled or disabled mode.
RQ8.1.5.19 It shall be possible to create any PIN with “PIN can be disabled” stated to define that a PIN status cannot be changed from enabled to disabled and vice versa.
RQ8.1.5.20 It shall be possible to define any PIN with “PIN can be changed” set to allow changing the PIN value; if “PIN can be changed” is not set it shall not be possible to change the PIN.
NOTE: Testing of these RQs is FFS.
8.1.6 Security domains
The test requirements are extracted from section 8.6 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 47
Security, Identity, Mobility
RQ8.1.6.1 The PE Security Domain shall consist of a PE header and an Application Instance object.
RQ8.1.6.2 The values standardised for Supplementary SDs shall be used for the Application Instance object.
RQ8.1.6.3 The PE Security Domain may consist of a keylist and sdPersoData objects.
RQ8.1.6.4 The PE-SecurityDomain shall be used for every SD creation, starting from MNO-SD.
RQ8.1.6.5 The MNO-SD shall be defined and created explicitly.
RQ8.1.6.6 The MNO-SD shall be created first before any other SD, before any RFM Parameters are set, or before any applets are created.
RQ8.1.6.7 Since no package AID nor classAID is standardised for the MNO-SD, it shall use the values defined for supplementary SD creation.
RQ8.1.6.8 The first SD within the sequence of the Profile Package shall be categorised as the MNO-SD by definition.
RQ8.1.6.9 The MNO-SD shall be installed with the special MNO-SD rights defined by the GSMA.
RQ8.1.6.10 All subsequent following instances of SDs shall be installed like regular supplementary SDs as known from GlobalPlatform Card Specification [GP CS].
RQ8.1.6.11 The keylist optional present in the Security Domain PE shall be a sequence of key objects.
RQ8.1.6.12 A key object shall contain a keyUsageQualifier, tag number [21] which shall be an OCTET STRING with SIZE of 1.
RQ8.1.6.13 A key object shall contain a keyAccess, tag number [22] which shall be an OCTET STRING with SIZE of 1.
RQ8.1.6.14 A key object shall contain a keyIdentifier, tag number [2] which shall be an OCTET STRING with SIZE of 1.
RQ8.1.6.15 A key object shall contain a keyVersionNumber, tag number [3] which shall be an OCTET STRING with SIZE of 1.
RQ8.1.6.16 A key object shall contain a list of keyComponents.
RQ8.1.6.17 A keyComponent shall contain a keytype, tag number [0], which shall be an OCTET STRING.
RQ8.1.6.18 A keyComponent shall contain a keyData which shall be an OCTET STRING.
RQ8.1.6.19 A key object may contain a keyCheckValue, tag number [4] which shall be an OCTET STRING
RQ8.1.6.20 A key object may contain a keyCounterValue, tag number [5] which shall be an OCTET STRING.
RQ8.1.6.21 A key object may contain a scp80SeqCounter which shall be an OCTET STRING.
RQ8.1.6.22 Each key to be personalised shall be listed only once.
RQ8.1.6.23 The optional keyCheckValue shall be checked in case it is available. If the check fails, the PE-SecurityDomain installation fails.
RQ8.1.6.24 The keyCheckValue may only be provided for key types supporting it.
RQ8.1.6.25 Scp80SeqCounter shall be defined only once for a complete key set.
RQ8.1.6.26 Only keyTypes defined in GlobalPlatform Card Specification [GP CS], Table 11-16, may be part of the list of keyComponents.
RQ8.1.6.27 Each keyComponent shall be specified only once per key (e.g. including two times the same keyType within one KeyObject will lead to an error).
RQ8.1.6.28 In case the sdPersoData is present it shall contain the data field of a STORE DATA command used to personalise the SD.
RQ8.1.6.29 The content of the data field of the STORE DATA command shall not be encrypted and shall use DGI format.
RQ8.1.6.30 The complete DGI structure for the SD personalisation shall be sent in one complete byte array.
RQ8.1.6.31 Each DGI shall be provided in its own sdPersoData record.
RQ8.1.6.32 Only standardised DGIs, according to GlobalPlatform Card Specification [GP CS], shall be sent when addressing a SD.
RQ8.1.6.33 Installation of the CASD, if required inside a Profile, shall use the same personalisation procedure as defined for SDs.
RQ8.1.6.34 In case RAM and OTA HTTPs is added to a SD the settings can be configured according to GlobalPlatform Card Specification [GP CS] and ETSI specifications.
RQ8.1.6.35 In case RAM is be added to a SD the TAR values for RAM can be configured as follows: - Bytes 13-15 of the SD instance AID. - TAR List within SD install parameters.
RQ8.1.6.36 In case OTA HTTPS is added to a SD OTA HTTPs may be provided within the processData in tag ‘85’ according to GlobalPlatform Amd B [GP AB] (Section 3.7.1 TLV: Security Domain Administration Session Parameters) in the ApplicationInstance structure.
RQ8.1.6.37 In case RAM is added to a SD The security level for RAM shall be defined by the MSL parameter of the SD installation parameters.
RQ8.1.6.38 In case RAM is added to a SD “00 00 00” should be assigned as the TAR value for RAM within the MNO-SD installation.
RQ8.1.6.39 The configuration of the PoR (Proof of Receipt) handling shall not be part of the Profile definition.
RQ8.1.6.40 The eUICC shall follow the latest ETSI and 3GPP release to provide the necessary level of security.
Securing the future of mobile services 48
Security, Identity, Mobility
NOTE: RQ8.1.6.9 is not tested in this specification. Its verification is under the scope of the GSMA. NOTE 2: testing of RQ8.1.6.20 and RQ8.1.6.33 is FFS. NOTE 3: RQ8.1.6.24 and RQ8.1.6.39 are not testable. NOTE 4: RQ8.1.6.32 is not tested in this specification. Its verification is under the scope of GlobalPlatform. NOTE 5: RQ8.1.6.40 is out of scope of this specification.
8.1.7 Application loading and installation
The test requirements are extracted from section 8.7 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
Securing the future of mobile services 49
Security, Identity, Mobility
RQ8.1.7.1 A library shall be loaded when only a ApplicationLoadPackage object is provided within one Application PE.
RQ8.1.7.2 A preloaded application shall be installed only when an ApplicationInstance object is provided within one Application PE.
RQ8.1.7.3 Multiple instances of the same application shall be installed when multiple ApplicationInstance objects are provided within one Application PE.
RQ8.1.7.4 An application shall be loaded providing an ApplicationLoadPackage object and installed via an
ApplicationInstance.
RQ8.1.7.5 An application shall be installed when an ApplicationInstance object is provided within one Application PE.
RQ8.1.7.6 If PEHeader object is set to mandatory, profile installation shall fail if one of the subsequent elements cannot be executed (e.g. load fails because of API incompatibility, install fails because of duplicate TAR values …).
RQ8.1.7.7 If PEHeader object is not set to mandatory, profile installation shall continue with the next PE if one of the subsequent elements cannot be executed (e.g. load fails because of API incompatibility, install fails because of duplicate TAR values …).
RQ8.1.7.8 The loadPackageAID object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS].
RQ8.1.7.9 The loadPackageAID object is mandatory and shall be an ApplicationIdentifier.
RQ8.1.7.10 The securityDomainAID object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS].
RQ8.1.7.11 The securityDomainAID object is optional and shall be an ApplicationIdentifier.
RQ8.1.7.12 The nonVolatileCodeLimitC6 object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS].
RQ8.1.7.13 The nonVolatileCodeLimitC6 object is optional and it shall be an OCTET STRING.
RQ8.1.7.14 The volatileDataLimitC7 object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS].
RQ8.1.7.15 The volatileDataLimitC7 object is optional and it shall be an OCTET STRING.
RQ8.1.7.16 The nonVolatileDataLimitC8 object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS]
RQ8.1.7.17 The nonVolatileDataLimitC8 object is optional and it shall be an OCTET STRING.
RQ8.1.7.18 The hashValue object shall be based on the GP2.2 Load Command according to GlobalPlatform Card Specification [GP CS]
RQ8.1.7.19 The hashValue object is optional and it shall be an OCTET STRING.
RQ8.1.7.20 The loadBlockObject object shall contain the complete load block.
RQ8.1.7.21 The loadBlockObject object is mandatory and it shall be an OCTET STRING.
RQ8.1.7.22 The coding of applicationLoadPackageAID object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.23 The applicationLoadPackageAID object is mandatory and shall be an ApplicationIdentifier.
RQ8.1.7.24 The coding of classAID object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.25 The classAID object is mandatory and shall be an ApplicationIdentifier.
RQ8.1.7.26 The coding of instanceAID object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.27 The instanceAID object is mandatory and shall be an ApplicationIdentifier.
RQ8.1.7.28 The extraditeSecurityDomainAID object shall have the same effect like the Install for Extradition command defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.29 The extraditeSecurityDomainAID object is optional and shall be an ApplicationIdentifier.
RQ8.1.7.30 If the extraditeSecurityDomainAID object value is not provided, the instance shall be associated to the MNO-SD by default.
RQ8.1.7.31 The coding of applicationPrivileges object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.32 The applicationPrivileges object is mandatory and it shall be an OCTET STRING.
RQ8.1.7.33 The coding of lifeCycleState object shall follow the coding Life Cycle State defined within GlobalPlatform Card Specification [GP CS] (section 11.1.1 Life Cycle Coding).
RQ8.1.7.34 The lifeCycleState object is optional for the profile package and it shall be an OCTET STRING. If not provided the default value ‘03’H shall be taken into account as if provided.
RQ8.1.7.35 The coding of applicationSpecificParametersC9 object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
RQ8.1.7.36 The applicationSpecificParametersC9 object is mandatory and it shall be an OCTET STRING.
RQ8.1.7.37 The coding of systemSpecificParameters object shall follow the coding defined for Install for Install defined by GlobalPlatform Card Specification [GP CS].
Securing the future of mobile services 50
Security, Identity, Mobility
RQ8.1.7.38 The systemSpecificParameters object is optional and it shall be an ApplicationSystemParameters.
RQ8.1.7.39 The coding of applicationParameters object shall follow the coding defined in ETSI TS 102 226 [102 226].
RQ8.1.7.40 The applicationParameters object is optional and it shall be an UICCApplicationParameters.
RQ8.1.7.41 The applicationParameters can be used to define the access domain for an applet or an RFM instance.
RQ8.1.7.42 The applicationParameters can be used to define the MSL (Minimum Security Level) for an applet or an RFM instance.
RQ8.1.7.43 The processData object is optional and it shall be a SEQUENCE OF OCTET STRING.
RQ8.1.7.44 The processData object octet string shall be directly sent to the respective application instance for processing.
RQ8.1.7.45 The processData object may contain all the bytes contained in a STORE DATA command (Including CLA,INS, P1, P2, L) if required by the application but encryption shall not be used. Note: This test specification will consider this as mandatory otherwise it is not predictable.
RQ8.1.7.46 The processData object shall contain data for the application and no decryption shall be performed by the respective SD.
RQ8.1.7.47 The volatileMemoryQuotaC7 is optional and it shall be an OCTET STRING.
RQ8.1.7.48 The nonvolatileMemoryQuotaC8 is optional and it shall be an OCTET STRING.
RQ8.1.7.49 The globalServiceParameters is optional and it shall be an OCTET STRING.
RQ8.1.7.50 The implicitSelectionParameter is optional and it shall be an OCTET STRING.
RQ8.1.7.51 The volatileReservedMemory is optional and it shall be an OCTET STRING.
RQ8.1.7.52 The nonVolatileReservedMemory is optional and it shall be an OCTET STRING.
RQ8.1.7.53 The ts102226SIMFileAccessToolkitParameter is optional and it shall be an OCTET STRING.
RQ8.1.7.54 The ts102226AdditionalContactlessParameters is optional and it shall be a ts102226AdditionalContactlessParameters.
RQ8.1.7.55 The uiccToolkitApplicationSpecificParametersField is optional and it shall be an OCTET STRING.
RQ8.1.7.56 The uiccAccessApplicationSpecificParametersField is optional and it shall be an OCTET STRING.
RQ8.1.7.57 The uiccAccessParams is optional and it shall be an OCTET STRING.
RQ8.1.7.58 The uiccAdministrativeAccessApplicationSpecificParametersField is optional and it shall be an OCTET STRING.
RQ8.1.7.59 The protocolParameterData is mandatory and it shall be OCTET STRING.
RQ8.1.7.60 The processData object shall be provided to the respective applet instance, with the supported processData method according to GlobalPlatform Card Specification [GP CS].
The test requirements are extracted from section 8.8 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
RQ8.1.8.1 RFM Parameters PE shall appear after PE containing the SD or the ADF.
RQ8.1.8.2 RFM Parameters PE is optional and may be used several times.
RQ8.1.8.3 The securityDomainAID object is optional. If present an RFM instance shall be associated with the referenced SD. If not present, the RFM instance shall be associated with the MNO-SD.
RQ8.1.8.4 A RFM instance shall be addressable with a given TAR values.
RQ8.1.8.5 A RFM instance shall be associated with at most one ADF.
RQ8.1.8.6 RFM Parameters PE shall contain PEHeader object.
RQ8.1.8.7 RFM Parameters PE may contain securityDomainAID of ApplicationIdentifier type, tag 15.
RQ8.1.8.8 RFM Parameters shall contain tarList as a sequence of OCTET STRING of size 3, tag 0.
RQ8.1.8.9 RFM Parameters shall contain minimumSecurityLevel of OCTET STRING of size 1, tag 1.
RQ8.1.8.10 The Minimum Security Level (MSL) for the RFM instance shall be interpreted according to ETSI TS 102 226.
RQ8.1.8.11 RFM Parameters shall contain uiccAccessDomain of OCTET STRING of variable size.
RQ8.1.8.12 RFM Parameters shall contain uiccAdminAccessDomain field of OCTET STRING of variable size.
RQ8.1.8.13 RFM Parameters may contain adfRFMAccess of ADFRFMAccess type.
RQ8.1.8.14 ADFRFMAccess object shall contain adfAID of ApplicationIdentifier type.
RQ8.1.8.15 ADFRFMAccess object shall contain adfAccessDomain of OCTET STRING of variable size.
RQ8.1.8.16 ADFRFMAccess object shall contain adfAdminAccessDomain of OCTET STRING of variable size.
RQ8.1.8.17 If adfRFMAccess is not provided, the RFM instance shall be linked only to the MF.
RQ8.1.8.18 If adfRFMAccess is provided, corresponding ADF shall be selected by default in the context of an RFM
script.
RQ8.1.8.19 If adfRFMAccess is not provided, the MF shall be selected by default in the context of an RFM script.
NOTE: Testing of these RQs is FFS.
8.1.9 Non standardised content
The test requirements are extracted from section 8.9 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
RQ8.1.9.1 The Profile Package can use as many PE-NonStandard profile elements as required.
RQ8.1.9.2 PE-NonStandard shall contain a “nonstandard-header” object. The type of the “nonstandard-header” object is PEHeader.
RQ8.1.9.3 PE-NonStandard shall contain an “issuerID” object. The type of the issuerID shall be OBJECT IDENTIFIER.
RQ8.1.9.4 PE-NonStandard shall contain “content” object. The type of the content shall be OCTET STRING.
Note; RQ8.1.9.1, RQ8.1.9.2, RQ8.1.9.3 and RQ8.1.9.4 are out of scope of this specification.
8.1.10 Profile Package end
The test requirements are extracted from section 8.10 of “eUICC Profile Package: Interoperable Format
Technical Specification” [SA PP TS].
RQ8.1.10.1 The PE-End shall contain an “end-header” object. The type of the “end-header” object is PE Header.
RQ8.1.10.2 The support of PE-End is mandatory for eUICC.
RQ8.1.10.3 The PE shall be used as the last element of the Profile Package.
Securing the future of mobile services 52
Security, Identity, Mobility
8.1.11 eUICC Response type
The test requirements are extracted from section 8.11 and 9.5.2 of “eUICC Profile Package: Interoperable
Format Technical Specification” [SA PP TS].
RQ8.1.11.1 EUICCResponse object shall contain peStatus field of SEQUENCE OF PEStatus type.
RQ8.1.11.2 EUICCResponse object main contain profileInstallationAborted field of NULL type.
RQ8.1.11.3 EUICCResponse object may contain statusMessage field of UTF8String type.
RQ8.1.11.4 PEStatus object shall contain status field of INTEGER type.
RQ8.1.11.5 PEStatus object may contain identification field of Uint15 type.
RQ8.1.11.6 The identification field, if present, shall indicate the identification number of the PE triggering the error.
RQ8.1.11.7 The identification field shall be present if any of following statuses are reported: - PE-not-supported. - bad-values.
RQ8.1.11.8 PEStatus object may contain additional-information field of Uint8 type.
RQ8.1.11.9 eUICCResponse with ok status shall be sent at the end of the profile installation when the profile has been processed successfully, and only if there is nothing to report.
RQ8.1.11.10 eUICCResponse with ok status shall not indicate any PE identification.
RQ8.1.11.11 eUICCResponse with PE-not-supported status shall be sent if a specific PE is not supported by the eUICC.
RQ8.1.11.12 eUICCResponse with PE-not-supported status shall include profileInstallationAborted tag if an unsupported PE is indicated as “mandated”.
RQ8.1.11.13 In case of profile installation failure due to internal memory issue, eUICCResponse with memory-failure status shall be sent.
RQ8.1.11.14 bad-values status shall be sent if any of values is out of its acceptable value range.
RQ8.1.11.15 If eUICC has not enough free memory to install the Profile, eUICCResponse with not-enough-memory status shall be sent.
RQ8.1.11.16 If eUICC finds a structure of a PE unkown or badly formatted, eUICCResponse with invalid-request-format status shall be sent.
RQ8.1.11.17 If eUICC does not support a parameter in a particular PE, eUICCResponse with invalid-parameter shall be sent.
RQ8.1.11.18 If any PE-Application in the Profile requires a runtime environment that is not supported by the eUICC, eUICCResponse with runtime-not-supported status shall be sent.
RQ8.1.11.19 If any PE-Application in the Profile depends on a library that is not available in the eUICC, eUICCResponse with lib-not-supported status shall be sent.
RQ8.1.11.20 If a generic file system template indicated by OID is not supported by the eUICC, eUICCResponse with template-not-supported status shall be sent.
RQ8.1.11.21 feature-not-supported status shall be sent if the profile header mentions a feature the eUICC does not support.
RQ8.1.11.22 feature-not-supported status shall be sent if Optional USIM Efs PE contains any of EF GBABP, EF MSK, EF MUK, EF GBANL and EF NAFKCA and respective services are not supported at the eUICC operating system level. In this case, PEStatus object shall contain additional-information field set to ‘1’ if GBA is not supported, to ‘2’ if MBMS if not supported and ‘3’ if both are not supported.
RQ8.1.11.23 If a major version indicated in the Profile header is not supported by the eUICC, eUICCResponse with unsupported-profile-version status shall be sent (in the respect of specified versions).
RQ8.1.11.24 If eUICCResponse contains any of the following statuses: - unsupported-profile-version - not-enough-memory - PE-not-supported and not marked as optional - memory-failure - invalid-request-format the installation of the Profile shall be aborted.
RQ8.1.11.25 If the installation of the Profile is aborted eUICCResponse shall contain profileInstallationAborted tag
NOTE 1: RQ8.1.11.1 is implicitely tested everytime UICC response with PEStatus is sent. NOTE 2: Testing of RQ8.1.11.2, RQ8.1.11.3, RQ8.1.11.4, RQ8.1.11.5, RQ8.1.11.6, RQ8.1.11.7, RQ8.1.11.8, RQ8.1.11.10, RQ8.1.11.11, RQ8.1.11.12, RQ8.1.11.13, RQ8.1.11.14, RQ8.1.11.15, RQ8.1.11.18, RQ8.1.11.19, RQ8.1.11.20, RQ8.1.11.22 and RQ8.1.11.23 is FFS.
Securing the future of mobile services 53
Security, Identity, Mobility
8.2 Test cases / scenarios
8.2.1 Check Profile Format
8.2.1.1. Installing PE-USIM when eUICC supports USIM (File system created
by generic file manager)
FFS
8.2.1.2. Installing PE-USIM when eUICC supports USIM (file system created
by template)
8.2.1.2.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_PINCodes 6.12.1.6
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE_SecurityDomain 6.12.1.9
PE_Application 6.12.1.10
PE_RFM 6.12.1.11
PE_END 6.12.1.12
8.2.1.2.2. Initial Conditions
None.
8.2.1.2.3. Test Procedure
Securing the future of mobile services 54
Security, Identity, Mobility
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 .
This test shall check if keyComponent is assigned just once per key.
8.2.2.3.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_PINCodes 6.12.1.6
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.2.1.2
PE_SecurityDomain 6.12.1.9
PE_Application 6.12.1.10
PE_RFM 6.12.1.11
PE_END 6.12.1.12
8.2.2.3.2. Initial conditions
None
8.2.2.3.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according. To 6.10. RQ8.1.6.27
2 eUICC → T eUICC response shall contain at least one PEStatus different from ok (0)
Securing the future of mobile services 62
Security, Identity, Mobility
8.2.2.4. Check sdPersoData
This test shall check if sdPersoData is processed.
8.2.2.4.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_PINCodes 6.12.1.6
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.2.1.3
PE_SecurityDomain 6.12.1.9
PE_Application 6.12.1.10
PE_RFM 6.12.1.11
PE_END 6.12.1.12
8.2.2.4.2. Initial conditions
None
8.2.2.4.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.6.1
2 eUICC → T eUICC responses with PEStatus (0) ok RQ8.1.11.9
3 T ↔ eUICC Enable Test Profile according to 6.11
4 T → eUICC Send GET DATA command to MNO-SD with P1 = ‘00’ P2 = ‘42’ (Issuer Identification Number)
RQ8.1.6.28 RQ8.1.6.29 RQ8.1.6.30 RQ8.1.6.31
5 eUICC → T GET DATA command responses with
IIN out of #sdPersoData.
SW=’9000’
6 T → eUICC Send GET DATA command to MNO-SD with P1 = ‘00’
P2 = ‘45’ (Card Image Number)
RQ8.1.6.28 RQ8.1.6.29 RQ8.1.6.30 RQ8.1.6.31
7 eUICC → T GET DATA command responses with
CIN out of #sdPersoData.
SW=’9000’
Securing the future of mobile services 63
Security, Identity, Mobility
8.2.2.5. Check OTA HTTPs Personalisation
This test shall check if MNO_SD is personalised with OTA HTTPs Data.
8.2.2.5.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_PINCodes 6.12.1.6
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.2.1.4
PE_SecurityDomain 6.12.1.9
PE_Application 6.12.1.10
PE_RFM 6.12.1.11
PE_END 6.12.1.12
8.2.2.5.2. Initial conditions
None
8.2.2.5.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.6.1
2 eUICC → T eUICC responses with PEStatus (0) ok RQ8.1.11.9
3 T ↔ eUICC Enable Test Profile according to 6.11
4 T → eUICC Send GET DATA command to MNO-SD with P1 = ‘00’ P2 = ‘85’
RQ8.1.6.36 RQ8.1.7.45
5 eUICC → T GET DATA command responses with
Security Domain Administration Session
Parameters contained in #processData.
SW=’9000’
Securing the future of mobile services 64
Security, Identity, Mobility
8.2.3 Check PE Application
8.2.3.1. Check Application PE (PE_Applet) and mandatory elements in
ApplicationInstance
8.2.3.1.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE-Application 6.12.1.10
PE_END 6.12.1.12
8.2.3.1.2. Initial conditions
None
8.2.3.1.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.1.6 RQ8.1.1.7 RQ8.1.1.9 RQ8.1.7.4 RQ8.1.7.5 RQ8.1.7.7 RQ8.1.7.8 RQ8.1.7.9 RQ8.1.7.20 RQ8.1.7.21 RQ8.1.7.22 RQ8.1.7.23 RQ8.1.7.24 RQ8.1.7.25 RQ8.1.7.26 RQ8.1.7.27 RQ8.1.7.31 RQ8.1.7.32 RQ8.1.7.33 RQ8.1.7.34 RQ8.1.7.35 RQ8.1.7.36 RQ8.1.7.39 RQ8.1.7.55
2 eUICC → T eUICC responses with PEStatus (0) ok RQ8.1.11.9
3 T ↔ eUICC Enable Test Profile (see description in 6.11)
4 T → eUICC Send GET STATUS command to MNO-SD using SCP80 with P1 = ‘40’ P2 = ‘02’ Data =’4F LL #instanceAID 5C 06 4F 9F 70 C5 C4 84’
RQ8.1.6.7
5 eUICC → T GET STATUS command responses with
AID of application (#instanceAID)
Life cycle state (#lifeCyleState)
Privileges (#applicationPrivileges)
Securing the future of mobile services 65
Security, Identity, Mobility
Application Executable Load file AID
(#applicationLoadPackageAID)
Executable Module AID (#classAID)
SW=’9000’
8.2.3.2. Check all elements in ApplicationLoadPackage – taking size into
account.
8.2.3.2.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE-Application 6.12.2.2.2
PE_END 6.12.1.12
8.2.3.2.2. Initial conditions
None
8.2.3.2.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.7.8 RQ8.1.7.9 RQ8.1.7.10 RQ8.1.7.11 RQ8.1.7.12 RQ8.1.7.13 RQ8.1.7.14 RQ8.1.7.15 RQ8.1.7.16 RQ8.1.7.17 RQ8.1.7.18 RQ8.1.7.19 RQ8.1.7.20 RQ8.1.7.21
2 eUICC → T If O_MEMORY_LIMIT , the eUICC responses with PEStatus (4) not-enough-memory and the eUICC response contains profileInstallationAborted tag If not O_MEMORY_LIMIT, the eUICC responses with PEStatus (0) ok or with PEStatus (6) invalid-parameter
RQ8.1.11.13 RQ8.1.11.25 RQ8.1.11.9 RQ8.1.11.17
3 T ↔ eUICC If O_MEMORY_LIMIT enabling the Test Profile according to 6.11 fail. If not O_MEMORY_LIMIT the result of enabling the Test Profile according to 6.11 is unspecified.
Securing the future of mobile services 66
Security, Identity, Mobility
8.2.3.3. Check all elements in ApplicationInstance
8.2.3.3.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE-Application 6.12.2.2.3
PE_END 6.12.1.12
8.2.3.3.2. Initial conditions
None
8.2.3.3.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.7.4 RQ8.1.7.5 RQ8.1.7.22 RQ8.1.7.23 RQ8.1.7.24 RQ8.1.7.25 RQ8.1.7.26 RQ8.1.7.27 RQ8.1.7.28 RQ8.1.7.29 RQ8.1.7.30 RQ8.1.7.31 RQ8.1.7.32 RQ8.1.7.33 RQ8.1.7.34 RQ8.1.7.35 RQ8.1.7.36 RQ8.1.7.37 RQ8.1.7.38 RQ8.1.7.39 RQ8.1.7.40 RQ8.1.7.41 RQ8.1.7.42 RQ8.1.7.47 RQ8.1.7.48 RQ8.1.7.50 RQ8.1.7.51 RQ8.1.7.52 RQ8.1.7.55 RQ8.1.7.57 RQ8.1.7.58
2 eUICC → T eUICC responses with PEStatus (0) ok RQ8.1.11.9
3 T ↔ eUICC Enable Test Profile (see description in 6.11)
Securing the future of mobile services 67
Security, Identity, Mobility
4 T → eUICC Send GET STATUS command to MNO-SD using SCP80 with P1 = ‘40’ P2 = ‘02’ Data =’4F LL #instanceAID 5C 06 4F 9F 70 C5 C4 84’
RQ8.1.6.7
5 eUICC → T GET STATUS command responses with
AID of application (#instanceAID)
Life cycle state (#lifeCyleState)
Privileges (#applicationPrivileges)
Application Executable Load file AID
(#applicationLoadPackageAID)
Executable Module AID (#classAID) SW=’9000’
8.2.3.4. Error when load a PE-Applet4 and bad library is provided.
8.2.3.4.1. Test execution
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE-Application 6.12.2.2.4
PE_END 6.12.1.12
8.2.3.4.2. Initial conditions
None
8.2.3.4.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.1.6 RQ8.1.1.7 RQ8.1.1.9 RQ8.1.7.1 RQ8.1.7.7 RQ8.1.7.8 RQ8.1.7.9
2 eUICC → T eUICC response with PEStatus (8) lib-not-supported and the eUICC response contains profileInstallationAborted tag
RQ8.1.11.19 RQ8.1.11.25
3 T ↔ eUICC Enabling Test Profile according to 6.11 fail
Securing the future of mobile services 68
Security, Identity, Mobility
8.2.3.5. Check multiple ApplicationInstance.
8.2.3.5.1. Test execution
This test is executed only if multiple instances are supported
The Test Profile is defined as follows:
TYPE VALUE or REFERENCE
ProfileHeader 6.12.1.1
PE-MF 6.12.1.2
PE_PUKCodes 6.12.1.3
PE_PINCodes 6.12.1.4
PE_USIM 6.12.1.5
PE_AKAParameters 6.12.1.7
PE_SecurityDomain 6.12.1.8
PE-Application 6.12.2.2.5
PE_END 6.12.1.12
8.2.3.5.2. Initial conditions
None
8.2.3.5.3. Test procedure
Step Direction Description RQ
1 T → eUICC Load Test Profile to the eUICC according to 6.10 RQ8.1.1.6 RQ8.1.1.7 RQ8.1.1.9 RQ8.1.7.3 RQ8.1.7.7 RQ8.1.7.8 RQ8.1.7.9 RQ8.1.7.20 RQ8.1.7.21 RQ8.1.7.22 RQ8.1.7.23 RQ8.1.7.24 RQ8.1.7.25 RQ8.1.7.26 RQ8.1.7.27 RQ8.1.7.31 RQ8.1.7.32 RQ8.1.7.33 RQ8.1.7.35 RQ8.1.7.36
2 eUICC → T eUICC response with PEStatus (0) ok RQ8.1.11.9
3 T → eUICC Enable Test Profile (see description in 6.11)
4 T → eUICC Send GET STATUS command to MNO-SD using SCP80 with P1 = ‘40’ P2 = ‘02’ Data =’4F LL #instanceAID 5C 06 4F 9F 70 C5 C4 84’ (first application)
RQ8.1.6.7
5 eUICC → T GET STATUS command responses with
AID of application1 (#instanceAID)
Life cycle state (#lifeCyleState)
Privileges (#applicationPrivileges)
Securing the future of mobile services 69
Security, Identity, Mobility
Application Executable Load file AID
(#applicationLoadPackageAID)
Executable Module AID (#classAID)
SW=’9000’
6 T → eUICC Send GET STATUS command to MNO-SD using SCP80 with P1 = ‘40’ P2 = ‘02’ Data =’4F LL #instanceAID (second application) 5C 06 4F 9F 70 C5 C4 84’
RQ8.1.6.7 RQ8.1.7.3
7 eUICC → T GET STATUS command responses with
AID of application2 (#instanceAID)
Life cycle state (#lifeCyleState)
Privileges (#applicationPrivileges)
Application Executable Load file AID
(#applicationLoadPackageAID)
Executable Module AID (#classAID)
SW=’9000’
Securing the future of mobile services 70
Security, Identity, Mobility
9. ANNEX A (Informative) : Document history
The table below indicates changes that have been incorporated into the present document since it was created
